Webserver inside pfsense

neteffectcafe · Feb 22, 2013, 5:10 PM

I am having a devil of a time trying to allow external access to the webserver i am building. I have a WAMP WP setup that is going to be our website. I shut down all ports on the machine save http and https. The internal address of this server is 192.168.10.113 which is the subnet for the LAN. I have the WAN auto so it gets addressed from gateway. I set up a rule that says, or i think it says, pass incoming requests to 192.168.10.113 . When i go to an external machine and try to access the server through the REAL IP, pfsense isnt passing along the request internally. If i do so as Local machine the site is expressed so i know the site itself is up.

Should i just put the server on the Bell gateway and give up trying to send the request through? There are three available jacks on the Bell gateway.

podilarius · Feb 23, 2013, 4:57 AM

I would not. I have several site up behind pfsense. I am afraid though more info is needed.
Are you using an IP alias (CARP, PARP, IPAlias)? Are you using 1:1 or port forward?
You say that it is getting an DHCP address from the gateway, is that a private IP address?
Screen shots would be nice.

johnpoz · Feb 23, 2013, 5:48 AM

He states "There are three available jacks on the Bell gateway. "

So I assume its doing nat, so yeah his pfsense IP is private most likely. So as with most users issues and port forwarding, its because they are behind a double nat!

If your pfsense is not directly connected to the public NET and have a public ip, ie NOT 192.168.x.x, 172.16-31.x.x or 10.x.x.x Then you would need the device in front of pfsense to forward the port you want to pfsense wan IP first.

There is rarely a good reason to be behind a double nat.

neteffectcafe · Feb 23, 2013, 11:00 PM

Ahhh ok . So i harden the server and jack it direct to the gateway. I am loathe to play with the sense box again as i dropped us of the internet for ten minutes last night in my ham handed attempts to figure it out. I tried alias, port forwarding and eventually NAT rules and all failed.

johnpoz · Feb 23, 2013, 11:09 PM

And you still haven't answered the question - is your pfsense wan on a public IP or private? You call it your bell gateway, I assume its doing nat??

podilarius · Feb 25, 2013, 6:23 PM

as johnpoz, pointed out, you are probably doing double nat. The gateway has to forward it to pfsense and then pfsense forwards it inside.
Not a very go idea to do as it can cause confusion, slower speeds, and you don't much benefit from it.

neteffectcafe · Mar 8, 2013, 4:26 PM

Hi guys , thanks for your replies. I could not answer because i was incapacitated for the last two weeks. Not because i was being rude. I will endeavour to answer that question with a screen shot later today. And a network diagram. I do not believe i have double NAT as all the internal computers are static IP to the pFsense box. The only DHCP is coming from the bell gateway to the WAN side of the pFsense.

johnpoz · Mar 8, 2013, 7:10 PM

Simple question that takes 2 seconds to answer.

Does your pfsense wan IP start with 192.168.x.x, 10.x.x.x or 172.16-31.x.x – if so then its behind a NAT, and your clients on the 192.168.10 behind pfsense are NATed as well = double NAT!!